Threat Actors Phishing Airbnb Users For Fraud
During my daily monitoring, I uncovered a number of Airbnb phishing pages harvesting user account credentials. This got me thinking about the types of fraud targeting Airbnb users and the hosts. Airbnb is not a typical target for phishing, compared to the vast number of phishing pages targeting banks, HMRC, DVLA, and mobile carriers. However, it can be a profitable venture for cybercriminals if they can phish the right account. I also identified one phishing page that was aiming to bypass SMS two-factor authentication (2FA). The first page takes the email and password (see here ) and the second acquires the SMS code (see here ). For this attack, the operators only have a limited amount of time to swipe the credentials and input the 2FA code before it expires (typically around 10 minutes). If successful, the attackers are fully authenticated and can change the password. Indicators of Compromise (IOCs): Type Indicator Domain abn.co-host-listing-49461[.]casa Domain abn.co-h